Virus Profile: BackDoor-FIT

Virus Profile information details
Risk Assessment: Home Low | Corporate Low
Date Discovered: 10/10/2012
Date Added: 10/10/2012
Origin: Unknown
Length: varies
Type: Trojan
Subtype: Remote Access
DAT Required: 6861

Description

BackDoor-FIT is a remote access trojan written in .NET which is designed to open a backdoor and allow attackers to issue commands to control the compromised machines.

Indication of Infection

  • Presence of the registry key listed under Virus Characteristics
  • Presence of network connections to the sites listed under Virus Characteristics

Methods of Infection

Trojans do not self-replicate. They spread manually, often under the premise that the executable is something beneficial. Trojans may also be received as a result of poor security practices, or unpatched machines and vulnerable systems. Distribution channels include IRC, peer-to-peer networks, email, newsgroup postings, etc.

   

Virus Characteristics

Upon execution, the trojan modifies the following registry key:

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    "filename" = "filepath to trojan"

The trojan attempts to connect to the following site and waits for commands:

  • sysdeck.[Removed].me

The backdoor has the following functions:

  • List Files/Directories
  • Add/Modify/Remove Files/Directories
  • Create processes
  • Spawn hidden iexplorer.exe
  • Download/upload files
  • Log keystrokes/mouse actions
  • Capture screenshots

The backdoor also connects to the following Japanese BBS site:

  • http://jbbs.livedoor.jp/

 

 
   

All Users:
Use current engine and DAT files for detection and removal.

Modifications made to the system registry and/or INI files for the purpose of hooking system startup will be successfully removed if cleaning with the recommended engine and DAT combination (or higher).